Redirect all outgoing DNS queries to localhost

[zszs73]

Hello,

Following the https://forum.opnsense.org/index.php?topic=9245 I've created a port forward rule.
Apparently this correctly forwards all DNS queries to localhost, but the firewall responds with its own interface address as source, so the client will not accept it.
See the following tcpdump output taken on the firewall:
192.168.2.21: client ip
192.168.2.254: fw interface ip

Code: [Select]

21:32:43 IP 192.168.2.21.35156 > 8.8.8.8.53: 52992+ [1au] A? dw.com. (47)
21:32:43 IP 192.168.2.254.53 > 192.168.2.21.35156: 52992 2/0/1 A 194.55.30.46, A 194.55.26.46 (67)In my understanding the firewall just sent back the reply to the client and following its routing table it realized that it has an interface in the client's subnet -> the response packet did not pass through the NAT (portforward) rule -> the source did not get overwritten to 8.8.8.8
What did I set wrong?
Not sure if it is important, but AdGuardHome is listening on the firewall all ip and port 53.

It seems to me that I am not alone: https://forum.opnsense.org/index.php?topic=9245.msg164547#msg164547

Not sure if I have to deal with Rules/adbanced features/reply-to?